CVE-2025-54821

LOW

Fortinet Fortiproxy < 7.6.4 - Improper Privilege Management

Title source: rule
STIX 2.1

Description

An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command.

References (1)

Scores

CVSS v3 1.9
EPSS 0.0001
EPSS Percentile 2.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-269
Status published
Products (3)
fortinet/fortios 6.4.0 - 7.6.4
fortinet/fortipam 1.0.0 - 1.6.1
fortinet/fortiproxy 7.0.0 - 7.6.4
Published Nov 18, 2025
Tracked Since Feb 18, 2026